(CONT-1035) Alter logic of pw_hash

david22swan · david22swan · commit 8d525d24a510 · 2023-06-14T09:53:50.000+01:00
The method as it is currently is causing issues with certain customers crypto setups
diff --git a/lib/puppet/parser/functions/pw_hash.rb b/lib/puppet/parser/functions/pw_hash.rb
@@ -76,14 +76,14 @@
 
   # handle weak implementations of String#crypt
   # dup the string to get rid of frozen status for testing
-  if (+'test').crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
+  if RUBY_PLATFORM == 'java'
+    # puppetserver bundles Apache Commons Codec
+    org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
+  elsif (+'test').crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
     password.crypt(salt)
   else
     # JRuby < 1.7.17
     # MS Windows and other systems that don't support enhanced salts
-    raise Puppet::ParseError, 'system does not support enhanced salts' unless RUBY_PLATFORM == 'java'
-
-    # puppetserver bundles Apache Commons Codec
-    org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
+    raise Puppet::ParseError, 'system does not support enhanced salts'
   end
 end
